diff --git a/FlyCube/Api/Controller/PayController.class.php b/FlyCube/Api/Controller/PayController.class.php
index f7a7b7d..f44a5a3 100644
--- a/FlyCube/Api/Controller/PayController.class.php
+++ b/FlyCube/Api/Controller/PayController.class.php
@@ -53,8 +53,26 @@ class PayController extends PublicController
 //获取订单信息
 $where['order_sn'] = $_REQUEST['order_sn'];
+ $field = array('order_sn,shop_id,total_price,total_weight,openid');
+ $orderDb = D('order');
+ if ($order = $orderDb->where($where)->field($field)->find()) {
+ echo json_encode(array('status' => 0, 'msg' => '订单不存在'));
+ exit();
+ }
+ //订单检查
+ $whereShop['shop_id'] = $order['shop_id'];
+ $fieldShop = array('price_min', 'weight_max');
+ $shopDb = D('shop');
+ if ($shop = $shopDb->where($whereShop)->field($fieldShop)->find()) {
+ echo json_encode(array('status' => 0, 'msg' => '商铺不存在'));
+ exit();
+ }
+ if ($order['openid'] != $this->openid || (float)$order['total_price'] < (float)$shop['price_min'] || $order['total_weight'] > $shop['weight_max']) {
+ echo json_encode(array('status' => 0, 'msg' => '提交信息异常'));
+ exit();
+ }
+ $orderDb = D('order');
- $order = $orderDb->where($where)->find();
 //设置获取签名的订单参数
 $orderParameter = [
 'out_trade_no' => $order['order_sn'],
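Review bot: Both lookup guards are inverted: `if ($order = $orderDb->where($where)->field($field)->find()) {` answers 订单不存在 and exits when the order IS found, and the `$shop` guard does the same, so a real order can never reach payment while a missing one falls through with `$order` empty. With an empty `$order`, the ownership and limit comparison that follows runs on null values with loose `!=`/`<`/`>`, which appears able to pass when `$this->openid` is also empty. Negate both conditions, e.g. `if (!($order = $orderDb->where($where)->field($field)->find())) {`, and compare the owner strictly with `(string)$order['openid'] !== (string)$this->openid`, casting `total_weight`/`weight_max` to float as is already done for the price. The enclosing method starts and ends outside the hunk, so how `$this->openid` is populated is not visible here.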